GNU bug report logs - #74218
[PATCH] Ask confirmation before sending region to search engine.

Previous Next

Package: emacs;

Reported by: Fabio Natali <me <at> fabionatali.com>

Date: Wed, 6 Nov 2024 00:57:02 UTC

Severity: normal

Tags: patch

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #53 received at 74218 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Fabio Natali <me <at> fabionatali.com>
Cc: 74218 <at> debbugs.gnu.org, rpluim <at> gmail.com, me <at> eshelyaron.com,
 stefankangas <at> gmail.com
Subject: Re: bug#74218: [PATCH] Ask confirmation before sending region to
 search engine.
Date: Thu, 07 Nov 2024 13:56:00 +0200

> From: Fabio Natali <me <at> fabionatali.com>
> Cc: me <at> eshelyaron.com, 74218 <at> debbugs.gnu.org, stefankangas <at> gmail.com
> Date: Thu, 07 Nov 2024 11:29:37 +0000
> 
> On 2024-11-07, 13:05 +0200, Eli Zaretskii <eliz <at> gnu.org> wrote:
> > My take on it is that the user might not realize that the region is
> > very large and includes parts she didn't intend to send.  IOW, a
> > cockpit error.
> 
> It's not only that. Commands can be typed by mistake. The fact that the
> command's docstring warns about its effects is not enough.
> 
> By default, 'eww-search-words' is bound to 'M-s M-w'. The probability of
> accidentally mistyping that combination is not at all negligible. I did
> discover the command's beheaviour via view-lossage after mistyping 'M-s
> M-w', for example.

Those are still "cockpit errors", aren't they?

Did it happen to you that you typed incorrect phrase into a browser's
search window?  Does a browser always unconditionally ask you whether
you really meant that?

> One might argue that, no matter how long, all sequences of keys and
> commands could be mistyped, but that'd be a bit misleading. I think that
> adding a warning and a yes-or-no confirmation request would make
> 'eww-search-words' sufficiently safe, that's the assumption behind my
> patch.

You ask a valid question, but don't answer it.  Indeed, why would we
treat this particular command differently from others?  "Would be
misleading" doesn't provide an answer to the question; instead, it
seems to claim that the question itself is invalid.  Why is it?

> As I said above, I don't think that the sensitivity of a block of text
> is a function of its length. Case in point, a password, an address, any
> piece of Personally Identifiable Information.

Is this the only command which sends user-typed text to the Internet?
I don't think so: the first example I could think about is sending
email.  Do we ask the user for confirmation each time the user types
the command to send a message?  Why not, and how is this command
different, in the general sense?

> Users can always override the default and might decide to customise
> 'eww-search-words' as they like - but I still think it's important to
> provide a safe default, something safer than what we have today.

I'm asking why requesting a confirmation in every case is a reasonable
default.  It is safe, I agree, but it is also annoying in many cases.
This bug report was last modified 208 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.